When you own a small business, one of the first things you can do to advertise online is setting up a company website. However, running even a simple website can attract hackers or script kiddies, especially if you do not take precautions or safety measures.

It is common for company websites to be targeted by hackers. However, their attempts usually fail due to good website security that most companies should have. ??We’re sharing good practices and tips for website owners in order for them to have an impenetrable security against hackers.
1.) One of the most recommended tools that every company website should have is a Web Application Firewall. This blocks HTTP traffic going and coming from a web application. This is basically dedicated to protecting your website from attacks such as SQL Injection, cross-site scripting, and other security-related attacks. ??CloudFlare offers website security by implementing Web Application Firewall on your website. CloudFlare also has a Distributed Denial of Service (DDOS) protection which prevents websites to overflow with requests from users.
2.) Use Secure Socket Layers (SSL) certificate to help company owners secure their company website. SSL will cause any form of information to and from the server to be encrypted. This also prevents hackers to sniff out visitor's information when they access your website. You can check out this link on how to properly set-up SSL on your website. After setting up the SSL on your website, you can now have access to "HTTPS" to be further secured in collecting sensitive information on the company website.

3.) For databases on your company's website, hackers may try using the "SQL Injection" method where they will put SQL queries into website databases in order for them to collect data from it. One of the most common methods in order to prevent this from happening is to use SQL parameters. This allows filtering of queries being requested from the database and can prevent SQL injections to be successful.
4.) When your website is down or suffers from errors, make sure that the users accessing your site do not have too much information on the error messages. Having too much information on error messages will give hackers enough idea on how to attack your website so always make sure that you give vague or general information.
5.) Company owners should always hide Admin pages in order for hackers to not easily locate the "main control" of your website. This could lead to a compromise and leakage of vital information of your company.
6.) When creating sign-up or login forms, always perform validation on the server side. By doing this, it will not be easily bypassed by someone with malicious intents and even if javascript is turned off, the validation would still work. In simple terms, means that when users or clients fill out forms, it will only be validated by clicking "submit". One example would be Facebook's sign up form in which users will be notified if there is an invalid information after clicking "create an account".
?7.) Untuk karyawan yang secara rutin mengakses situs web perusahaan mereka, selalu pastikan bahwa Anda memiliki perangkat yang aman dan hanya dapat diakses oleh Anda. Hal ini penting saat mengakses situs web, terutama jika Anda memiliki peran admin, karyawan harus memiliki perangkat yang aman untuk mencegah peretas mencuri atau merekam kredensial akun Anda dengan menggunakan keylogger dan sejenisnya.
8.) Untuk administrator situs web, selalu gunakan kata sandi yang kompleks dan panjang saat mengakses sistem utama situs web perusahaan Anda. Ini sudah jelas, tetapi agar peretas tidak mudah mengambil alih kredensial akun Anda, Anda harus memiliki kata sandi yang kompleks dan panjang.
9.) Untuk perusahaan yang memiliki banyak karyawan yang dapat mengakses sistem utama situs web, sangat disarankan agar pemilik perusahaan menerapkan timeout login. Hal ini untuk mengontrol dan menangani pengguna yang mengakses sistem utama situs web dan secara tidak sengaja meninggalkan monitor mereka menyala di dalamnya, yang dapat dengan mudah diakses oleh peretas potensial yang akan mencoba menggunakan komputer Anda.
10.) Situs web perusahaan juga harus menerapkan otentikasi dua faktor (link to our guide here) untuk penggunanya terutama yang memiliki peran admin agar situs web benar‑benar aman tidak hanya untuk penggunanya tetapi juga untuk perusahaan itu sendiri. Otentikasi dua faktor adalah metode di mana proses login menambahkan lapisan keamanan tambahan. Contohnya, setelah masuk dengan nama pengguna dan kata sandi, situs web akan meminta pengguna memverifikasi identitas mereka dengan mengirim kode verifikasi atau menanyakan pertanyaan rahasia untuk melanjutkan.
11.) Limit file sizes and types that users can upload to your website. Some websites have upload functions in which users can upload various files on it. One risk is that if some of the files that are being uploaded are infected or are with encrypted codes that could simply crawl to your website's backend and database, it can result to hackers easily accessing your website and/or mess up with your system easily.
12.) It is recommended that company websites should have a separate server for their database in order for hackers to have a hard time finding out where the company's vital information is stored and located.
13.) Lastly, keep everything up to date. For company website owners, always make sure that the system in which your website is running on should be updated. This is to be secured from the latest methods that hackers use in order to penetrate your website.
And there you have it, these essential practices and tips will help you towards building a very secured website for your company. There will be always a way to counter hackers from penetrating your website and these listed here are not the only ways to stop them. Once hackers see that your website is tight and secured, they will be disinterested in trying to pry into your websites and it will be your win.??We’re working with Globe Business to share with you some of the most basic security tips for a better #makeITsafePH environment. Globe Business offers cybersecurity solutions to ensure business continuity that allows you to mitigate security trends before they happen.
To know more, you can visit http://business.globe.com.ph/solutions/managed-security-services.html. Also, do check out some of the earlier articles below.
More #makeITsafePH security tips:
- 5 ways to spot a Phishing Site from a Mile Away
- 10 Email Tips to Keep Away from Spam
- How to Manage Internet Use for your Children
- How to Clean your PC from Malware
- 6 Internet Security Tips in The Workplace
- How to Keep Safe when using Public or Free WiFi
- 4 Signs Your Online Accounts May Have Been Compromised

“However, their attempts usually fail due to good website security that most companies should have.”
Sigurado ba kayo dyan?!